Age | Commit message (Collapse) | Author |
|
The apt-key script uses quiet a few keyring files for operation which
are specific to the distribution it is build on and is hence one of the
most patched parts – even if it is not that often used anymore now that
a fragment directory for trusted.gpg exists.
|
|
With the net-update command a special keyring can be downloaded and
imported into apt, which must be signed by a master key. Its is
currently disabled because of security problems with it – and the only
known user before that was Ubuntu.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The upgrade releated code is moved into upgrade.{cc,h} and
all pkg*Upgrade* prototypes are included in algorihms.h to
avoid breaking API (unless build with APT_9_CLEANER_HEADERS).
|
|
|
|
With a bit of trickery we can reuse the usual infrastructure we have in
place to acquire deb files for the 'download' operation as well, which
gains us authentification check & display, error messages, correct
filenames and "downloads" from the root-owned archives.
|
|
refactor the fetching process so that it looks more like the
others we have in the hope that we can reuse code in the future.
This is a soft interface change as 'source' previously printed
errors directly on stderr, while it will now push it onto our usual
error stack.
|
|
Git-Dch: Ignore
|
|
|
|
|
|
dist-upgrade 2vcard- 4g8+
|
|
|
|
Conflicts:
cmdline/apt-get.cc
|
|
is used with additional
arguments (closes: #705510)
|
|
experimental
|
|
Having fragement files means there is a good chance that there is one
key per keyring, so deal with that as well as with setups in which
keyrings are linked into trusted.gpg.d as we can't just modify those
files (they might be in /usr for example).
|
|
Might come in handy for more than just a simple testcase.
|
|
Closes: 665411
|
|
for some "interesting" reason gpg decides that it needs to update its
trustdb.gpg file in a --list-keys command even if right before gpg is
asked to --check-trustdb. That wouldn't be as bad if it wouldn't modify
the keyring being listed at that moment as well, which generates not
only warnings which are not a problem for us, but as the keyring
modified can be in /usr it modified files which aren't allowed to be
modified.
The suggested solution in the bugreport is running --check-trustdb
unconditionally in an 'apt-key update' call, but this command will not
be used in the future and this could still potentially bite us in
net-update or adv calls. All of this just to keep a file around, which
we do not need…
The commit therefore switches to the use of a temporary created
trusted.gpg file for everyone and asks gpg to not try to update the
trustdb after its intial creation, which seems to avoid the problem
altogether.
It is using your also faked secring btw as calling the check-trustdb
without a keyring is a lot slower …
Closes: #687611
Thanks: Andreas Beckmann for the initial patch!
|
|
APT doesn't care for the trustdb.gpg, but gnupg requires one even for
the simplest commands, so we either use the one root has available in
/etc or if we don't have access to it (as only root can read that file)
we create a temporary directory to store a trustdb.gpg in it.
We can't create just a temporary file as gpg requires the given
trustdb.gpg file to be valid (if it exists), so we would have to remove
the file before calling gnupg which would allow mktemp (and co) to hand
exactly this filename out to another program (unlikely, but still).
|
|
Usually, most apt-key commands require root, so the script is checking
for being run as root, but in your tests we use a non-root location, so
we don't need to be root and therefore need an option to skip the check.
Git-Dch: Ignore
|
|
|
|
|
|
nl_langinfo is used to acquire the YESEXPR of the language used,
but it will return the one from LC_MESSAGES, which might be different
from the language chosen for display of the question (based on LANGUAGE)
so this commit removes the [Y/n] help text from the questions itself and
moves it to the prompt creation in which the usage of LC_MESSAGES is
forced for it, so that the helptext shown actually represents the
characters accepted as input for the question.
There is still room for problems of course starting with an untranslated
"[Y/n]" but a translated YESEXPR or the problem that the question is
asked in a completely different language which might have a conflicting
definition of [Y/n] input or the user simple ignores the helptext and
assumes that an answer matching the question language is accepted, but
the mayority of users will never have this problem to begin with, so we
should be fine (or at least a bit finer than before).
Closes nothing really, but should at least help a bit with bugs like
deb:194614, deb:471102, lp:1205578, and countless others.
|
|
|
|
|
|
Using the static FileFd::Write method gives us error messages for free
so we use it here to avoid failing silently (with a fail silent error).
Git-Dch: Ignore
|
|
|
|
Beside the earlier fixed 'apt-cache show', 'showpkg' and 'search' deal
with descriptions. 'showpkg' was fixed by fixing the cache generation
for 'show', but 'search' still segfaulted.
On the upside, it doesn't segfault any longer, on the downside, if a
package has no description at all (aka: not in the Packages file and not
in a Translation-* file) the package can't be found with 'search', even
if we search only by name. That is a shortcoming in the code, but fixing
it means rewriting it completely for dubious gain at best.
So this commit just skips packages without a description and is done.
Closes: 647590
|
|
Given a Packages file like:
[…]
Description: foo bar baz
moo moo moo
Multi-Arch: foreign
Description-md5: 97e204a9f4ad8c681dbd54ec7c505251
[…]
We have to display the Multi-Arch flag field as well as the fields
after the Description-md5, but not this field itself, as we already
have one printed alongside the Description we display.
Closes: 717254
|
|
|
|
is found
|
|
(closes: #712433)
|
|
The default is to ask udev for location and mountpoints of CD-ROMs,
but the old way of specifying the mountpoint is still available and
is tried now in case udev doesn't find any CD-ROM.
It probably fails, too, but we get a bunch of error messages this
way and the user can get an idea of how to make his setup work even
if udev can't be convienced to return something useful.
Closes: #712433
|
|
do not blindly assume that all packages stanzas have a "Description:"
field in 'apt-cache show' as well as in the cache creation itself.
We instead assume now that if the stanza has a Description, it will not
be the first field as we look out for "\nDescription" to take care of
MD5sum as well as (maybe ignored) translated Descriptions embedded in
the package stanza.
Closes: #712435
|
|
Patterns can appear in the name as well as in the description,
they don't have to match all in the name/description only.
Closes: 691453
|
|
Git-Dch: Ignore
|
|
In the past packages were flagged "Protected" so that install/
remove markings where issued before the ProblemResolver.
Nowadays, the marking methods check if they are allowed to modify
the marking of a package instead, so that markings set by FromUser
calls are not overwritten anymore by automatic calls which elimates
the need for InstallProtect which just eats CPU now.
The method itself is left untouched for now in case frontend needs it
still for some wierd usecase, but they should be eliminated.
|
|
Building src:apt shows:
dpkg-shlibdeps: warning: package could avoid a useless dependency if
debian/apt/usr/lib/apt/methods/cdrom was not linked against libdl.so.2
(it uses none of the library's symbols)
dpkg-shlibdeps: warning: package could avoid a useless dependency if
debian/apt/usr/bin/apt-get was not linked against libutil.so.1 (it uses
none of the library's symbols)
|
|
|
|
|
|
|
|
|
|
|